mirror of
https://github.com/ZDoom/raze-gles.git
synced 2024-12-24 02:30:46 +00:00
Patch up access of malloc'd buffer one byte beyond its size in kplib's
JPEG decoder (unearthed by valgrind). git-svn-id: https://svn.eduke32.com/eduke32@2231 1a8010ca-5511-0410-912e-c29ae57300e0
This commit is contained in:
parent
f87c0db3ce
commit
76d210c4b8
1 changed files with 3 additions and 2 deletions
|
@ -1658,7 +1658,7 @@ static int32_t kpegrend(const char *kfilebuf, int32_t kfilength,
|
|||
{
|
||||
while (curbits < 16) //Getbits
|
||||
{
|
||||
ch = *kfileptr++;
|
||||
ch = *kfileptr++; // BUF_LENG_READ
|
||||
if (ch == 255) kfileptr++;
|
||||
num = (num<<8)+((int32_t)ch); curbits += 8;
|
||||
}
|
||||
|
@ -3294,7 +3294,8 @@ void kpzload(const char *filnam, intptr_t *pic, int32_t *bpl, int32_t *xsiz, int
|
|||
(*pic) = 0;
|
||||
if (handle < 0) return;
|
||||
leng = kfilelength(handle);
|
||||
buf = (char *)Bmalloc(leng); if (!buf) return;
|
||||
buf = (char *)Bmalloc(leng+1); if (!buf) return;
|
||||
buf[leng]=0; // FIXME: buf[leng] read in kpegrend(), see BUF_LENG_READ
|
||||
kread(handle,buf,leng);
|
||||
kclose(handle);
|
||||
|
||||
|
|
Loading…
Reference in a new issue